GDPR Compliance

Your Data, Your Rights

QODRYX is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). Learn about your rights and how we protect your data.

Based in Sweden · EU Data Protection Standards

Your Rights Under GDPR

As a data subject, you have the following rights

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate personal data.

Right to Erasure

You can request that we delete your personal data ('right to be forgotten').

Right to Data Portability

You can request your data in a machine-readable format to transfer elsewhere.

Right to Object

You can object to certain types of processing, including direct marketing.

Right to Restrict Processing

You can request that we limit how we use your data.

Data We Collect

Transparency about what information we process

Account Information

  • Email address
  • Name
  • Profile picture (optional)
  • Password (encrypted)

Usage Data

  • Feature usage patterns
  • Session information
  • IP address
  • Browser type

Project Data

  • Repository connections
  • Scan results
  • Deployment logs
  • Workflow configurations

Payment Information

  • Billing address
  • Payment method (processed by Stripe)
  • Invoice history

Legal Basis for Processing

Contract Performance (Article 6(1)(b))

We process your data to provide the QODRYX services you've signed up for, including account management, security scanning, deployments, and customer support.

Legitimate Interests (Article 6(1)(f))

We may process data for fraud prevention, security monitoring, and service improvement, balanced against your privacy rights.

Consent (Article 6(1)(a))

For optional features like marketing emails and analytics cookies, we obtain your explicit consent. You can withdraw consent at any time.

Legal Obligation (Article 6(1)(c))

We retain certain data to comply with legal requirements, such as financial records for tax purposes and security logs for regulatory compliance.

How We Protect Your Data

Security measures we implement to safeguard your information

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Multi-factor authentication support
  • Role-based access controls
  • Automatic data backup with encryption
  • Incident response procedures

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained while your account is active, deleted within 30 days of account deletion request
  • Scan results & logs: Retained for 90 days by default, configurable up to 1 year
  • Billing records: Retained for 7 years as required by law
  • Security logs: Retained for 1 year for compliance and security purposes

International Data Transfers

QODRYX is based in Sweden (EU) and primarily processes data within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with EU adequacy decisions
  • Additional technical and organizational measures

Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (in Sweden: Integritetsskyddsmyndigheten - IMY).